E-commerce payment system

xiaoxiao2021-03-06  41

1 Overview

E-commerce refers to conducting trade activities electronically, and it covers all aspects related to business activities, such as online shopping, online booking, online payment and online bidding. E-commerce has had a huge impact on traditional trade. Its prominent features are increased trade opportunities, reduced trade costs, streamlined trade processes and improved trade efficiency. It can expand sales and open up channels of communication between enterprises, and it provides customers with uninterrupted product information queries and order processing. All this enhances the competitiveness of the company. E-commerce has greatly changed business models and is driving a change in economic structure; internationally it is considered an important driving force for the world's economic development in the next quarter, and its promotion of economic development has even been compared with that of 200 years ago.

1.1 The concept of the e-commerce payment system

The e-commerce payment system is an important part of the e-commerce system. It refers to the use of secure electronic means by consumers, merchants and financial institutions to exchange goods or services; that is, the payment information of new payment methods (including electronic cash (E-Cash), credit cards, debit cards, smart cards, etc.) is transmitted securely over the network to banks or the corresponding processing institutions.

1.2 E-commerce operation process

Any business activity can be divided into three stages: before the transaction, during the transaction, and the completion of the transaction.

The stage before the transaction is the preparation stage. In the traditional mode, sellers mostly advertise and then sit waiting for customers to come to the door, but because of the asymmetry of market information, buyers and sellers tend to have to search for each other. In the network environment, the seller can actively create a homepage online and publish information promoting its corporate image, corporate culture and products; buyers can visit the other party's homepage at any time, query the product information they need, and improve their understanding of the seller.

During the transaction, after selecting an item and confirming the seller's identity through the certification center, the buyer sends purchase information to the seller. After receiving the buyer's information, the seller must also confirm the other party's identity through the certification center, and the two then negotiate the specific details of the transaction. In the traditional mode, this process runs from quotation and negotiation to the signing of trade documents, carried out by post, fax and similar means, which are slow and offer poor confidentiality. In the network environment, these documents are passed over the network and information is exchanged actively, and a dedicated online data exchange protocol automatically guarantees the accuracy, security and reliability of the information transfer.

In the completion stage, both parties make payment through financial institutions while completing the handover of the goods. This stage is a critical link in the entire trading process and is the purpose for which the two parties carry out business trading activities.

1.3 The advantages of e-commerce

Compared with traditional business models, e-commerce has the following advantages:

Low operating cost. E-commerce bypasses the intermediaries of traditional marketing methods, shortens the value chain and reduces transaction costs, and customers can get quality products and services.

A wide range of users. As mentioned earlier, e-commerce is based on the Internet, whose rapidly expanding base of millions of users forms a huge potential buyer market.

No time limits. The global market has become an integrated market that is independent of geography and space, and anyone can do business at any time, anywhere.

Multimedia means. The network can carry not only text but also images, animation and sound, so customers can visually browse and select goods.

Two-way interactive communication. Through e-commerce, merchants can display goods online, provide queries on product information, interact with customers, collect market information, test products, and so on.

Personalized services. In an era of ever more commodities and increasingly individual consumers, e-commerce can interact with customers and meet customer-centered needs to the greatest extent.

1.4 The development of e-commerce payment systems

E-commerce began in the early 1990s in the United States, Canada and other countries, but only in recent years has electronic payment been widely accepted. Manufacturers such as IBM, HP, Microsoft and Sun have launched their own e-commerce products and solutions. With the development of e-commerce, many regulations have also emerged: Germany, South Korea, Italy, Spain and many states of the United States have passed digital signature and identification laws. In the second half of 1996, the US Treasury issued the "Global E-Commerce Choice Tax Policy" white paper; UNCITRAL has completed a model e-commerce law, which develops unified universal rules for electronic transactions.

In addition, the Secure Electronic Transaction (SET) protocol developed by the two international credit card organizations VISA and MasterCard defines a standard electronic payment process, and its purpose is to protect every link in a payment card transaction. SET is the standard designed for the security of online payment card business.

In the past few years, the information industry departments of Beijing, Shanghai, Guangzhou and other cities in China began work on e-commerce; their own e-commerce systems were opened in 1998, and other provinces and cities have also begun to establish e-commerce systems. However, the major cities are still in the experimental, exploratory phase.

2 Security requirements of the e-commerce payment system

The security requirements of the e-commerce payment system include confidentiality, authentication, data integrity, interoperability, etc. Currently, the security standards used by e-commerce payment systems at home and abroad include SSL (Secure Sockets Layer), SET (Secure Electronic Transaction) and other protocols.

2.1 SSL protocol

The Secure Sockets Layer (SSL) protocol is commonly used on the network. It ensures the integrity, confidentiality and interoperability of data during communication between the two sides, and it is suitable when the security requirements are not too high. It includes:

(1) Handshake protocol. Before transmitting information, the two sides first exchange handshake messages to confirm each other's identity. After the identities are confirmed, the two parties jointly hold a shared key.
(2) Message encryption protocol. After the handshake, one side encrypts a random key with the other party's certificate (RSA public key), and the information flow between the two parties is then encrypted with that random key to achieve confidentiality.

Because it is built into browsers such as IE and Netscape, it is very convenient to deploy. Most current B-C online payment uses this method. The online payment interface provided by China Merchants Bank makes it easy to implement online payment based on this protocol. SSL creates an encrypted secure communication channel to deliver the customer's credit card number to the merchant. It is equivalent to reading the user's credit card number to the merchant over a secure telephone connection.

[Figure: SSL transaction process diagram]

Although the SSL handshake protocol can be used by both sides to confirm each other's identity, in practice essentially only the client authenticates the server, i.e. authentication is one-way. The protocol cannot prevent fraud by dishonest merchants, because the merchant holds the customer's credit card number. Merchant fraud is one of the most serious problems faced by the SSL protocol. In addition, because of restrictions on encryption algorithms, browsers and web servers have the so-called "512/40" issue: DES symmetric encryption is 40 bits, and RSA encryption is 512 bits. The low encryption strength makes it difficult to extend the B-C use of SSL to the B-B field, which has higher requirements.

2.2 Secure Electronic Transaction protocol (SET)

SET is a secure transaction protocol for payment cards (credit cards, debit cards, and payment cards, etc.) on an open network (the Internet or a public multimedia network). It does not require large changes to existing bank payment networks. Version 1.0 of the protocol was released on May 31, 1997. SET specifies the process and the messages for purchasing and paying in e-commerce payment systems. The figure is a flow chart of the SET protocol structure. It can be seen that the parties to a transaction in the e-commerce payment system are: cardholders, merchants and payment gateways.

The transaction process is:

(1) the cardholder decides to purchase and sends a purchase request to the merchant;
(2) the merchant returns its agreement and other information;
(3) the cardholder verifies the merchant's identity and sends the order information and payment information securely to the merchant; the payment information, however, is invisible to the merchant (it is encrypted with the bank's public key);
(4) the merchant verifies the cardholder's identity and passes the payment information to the payment gateway, requesting validation of the cardholder's payment information;
(5) the payment gateway verifies the identity of the merchant, verifies through the traditional bank network that the cardholder's payment information is valid, and returns the result to the merchant;
(6) the merchant returns information to the cardholder and sends the goods;
(7) the merchant periodically sends the payment gateway a request for payment, the payment gateway notifies the card issuer and returns the result to the merchant, and the transaction ends.

The security technologies used by Secure Electronic Transaction include encryption (public key encryption, secret key encryption), digital envelopes, digital signatures, double digital signatures, authentication, etc. SET guarantees the security of the data through encryption, ensures the identity authentication of the parties to the transaction through digital signatures, and guarantees interoperability by using a clearly defined interactive protocol and message format. Because it is more complicated, each transaction needs multiple encryption, hash and digital signature operations, and dedicated trading software must be installed on the client. Therefore, few electronic payment systems use the protocol. The payment method in China's online banking is based on SET.

3 China's e-commerce payment systems

3.1 Existing conditions for developing e-commerce payment systems in China

Legal: At present, there are no regulations related to e-commerce. The validity of digital signatures has not been recognized by law. This is very disadvantageous to e-commerce. The relevant departments in China are considering developing specifications and systems related to e-commerce.

Financial industry: Replacing traditional cash payment with card payment has been accepted by people, but only a few banks have launched online banking. With the intensification of interbank competition, all commercial banks are turning their attention to online banking. It is expected that most banks will support online payment within one or two years. On payment gateways, the commercial banks have also reached a certain consensus. The payment gateway is the security interface between the financial private network and the public network. Some are built by the commercial banks themselves, and some are built jointly by several commercial banks.

Market: Given the potentially huge profits of e-commerce, businesses are looking forward to it.

Customer requirements: Electronic payment gives users great convenience and is welcomed by them. However, because electronic payment carries a certain risk, some preparation for electronic payment is necessary.

3.2 Payment system architecture selection

At present, there are two e-commerce payment system architectures: the SET structure and the non-SET structure. A non-SET e-commerce payment system is an electronic payment system that uses protocols other than SET. The payment methods used by e-commerce can include E-Cash, E-Check, smart cards, bank cards, and shopping cards issued by merchants or other institutions. In view of China's national conditions, most systems use a non-SET protocol structure and pay with shopping cards issued by merchants or by institutions authorized by merchants.

3.3 Bank card non-SET e-commerce payment system (SSL)

This type is the online payment method most widely used in China. The system uses the SSL protocol, the RSA encryption algorithm, digital signatures and firewalls to ensure the security of the transaction, and it uses bank-issued cards (debit cards) and credit cards. This method is risky; as long as banks are involved, the system is feasible. The parties in the system are cardholders, merchants, payment gateways and card issuers.

The process is:

(1) the cardholder logs in to the product release site and verifies the merchant's identity;
(2) the cardholder decides to purchase and sends a request to the merchant;
(3) the merchant returns a notice to pay;
(4) the cardholder verifies the identity of the payment gateway, fills in the payment information, and transfers the order information and payment information to the merchant over SSL; the payment information is encrypted with the public key of the payment gateway and is not readable by the merchant;
(5) the merchant encrypts the payment information with the payment gateway's public key and transmits it to the payment gateway, requesting payment;
(6) the payment gateway decrypts the information from the merchant and, through the traditional bank network, immediately asks the card issuer to verify whether the cardholder's payment information is valid;
(7) the payment gateway encrypts the result with its private key and returns it to the merchant;
(8) the merchant uses the payment gateway's public key on the returned result, returns information to the cardholder, and sends the goods; the transaction ends.

The payment system has the following characteristics:

(1) a bank participates, and the payment gateway must be authorized by the bank;
(2) the merchant and the payment gateway use certificates, and the payment gateway is a self-signed root CA;
(3) the micro e-wallet used when paying by card is an applet application, hosted on the payment gateway's server and signed by the payment gateway;
(4) the merchant and the cardholder communicate over the SSL protocol, and the merchant and the payment gateway communicate using RSA encryption;
(5) the card issuer must sign up with the payment gateway and become its member;
(6) communication between the payment gateway and the card issuer can go through the bank's front-end processor (when the business volume is not large), or over a dedicated line to the bank's front-end processor using the ISO 8583 protocol.

3.4 Bank direct participation non-SET e-commerce payment system (SSL-like)

In this system the payment information does not pass through the merchant but goes directly to the bank's site, i.e. the bank directly receives the user's payment information. This system is risky. The parties in the system are the cardholder, the merchant and the card issuer.

The payment process is:

(1) the cardholder logs in to the product release site;
(2) the cardholder decides to buy, sends a purchase request to the merchant, and is redirected to the card issuer's payment site;
(3) the cardholder verifies the identity of the card issuer's payment site and transfers the payment information to the card issuer over SSL;
(4) the bank processes the user's payment information and books it;
(5) the merchant regularly queries the result and delivers the goods, and the transaction is complete.

The payment system has the following characteristics:

(1) the bank itself establishes a payment site and becomes the main party of the payment system;
(2) payment information does not pass through the merchant;
(3) the SSL protocol is used to ensure the security of the transaction.

3.4 SET e-commerce payment system

See 2.2.

The online payment of China's commercial banks can be classified into the above three payment systems.

4 Summary

At this stage, the following difficulties stand in the way of secure, real-time online e-commerce payment in China:

(1) There are no regulations related to e-commerce.
(2) There is no unified, easy-to-implement payment gateway connected with the commercial banks.
(3) With key technologies such as encryption technology, it is difficult to ensure safe electronic payment for users.
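The double digital signature listed among SET's techniques in section 2.2 is what lets the cardholder bind order and payment information together in step (3) while the merchant sees only the order and the payment gateway only the payment data. The sketch below is an added illustration, not code from the original article: it uses SHA-256 rather than the hash SET specified, a toy unpadded RSA key built from Mersenne primes, and constructed sample messages, and it omits the encryption of the payment information to the gateway.

```python
import hashlib

# Toy RSA key for the cardholder, built from two Mersenne primes so the block
# needs no third-party library. Trivially factorable: for illustration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent


def digest(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def dual_signature(order_info: bytes, payment_info: bytes) -> int:
    """Cardholder: sign H(H(PI) || H(OI)) so OI and PI are bound together."""
    pomd = digest(digest(payment_info) + digest(order_info))
    return pow(int.from_bytes(pomd, "big"), D, N)  # unpadded textbook RSA


def _check(sig: int, pi_digest: bytes, oi_digest: bytes) -> bool:
    expected = int.from_bytes(digest(pi_digest + oi_digest), "big")
    return pow(sig, E, N) == expected


def merchant_verify(order_info: bytes, pi_digest: bytes, sig: int) -> bool:
    """Merchant sees the order and only the digest of the payment information."""
    return _check(sig, pi_digest, digest(order_info))


def gateway_verify(payment_info: bytes, oi_digest: bytes, sig: int) -> bool:
    """Payment gateway sees the payment data and only the digest of the order."""
    return _check(sig, digest(payment_info), oi_digest)


# Constructed sample messages (the card number is a well-known test value).
OI = b"order=1001;item=book;amount=25.00"
PI = b"pan=4111111111111111;exp=12/99;amount=25.00"
SIG = dual_signature(OI, PI)

if __name__ == "__main__":
    print("merchant accepts:", merchant_verify(OI, digest(PI), SIG))
    print("gateway accepts:", gateway_verify(PI, digest(OI), SIG))
    # A signature made for one order does not verify against another order.
    forged = digest(b"order=1002;item=tv;amount=999.00")
    print("swapped order accepted:", gateway_verify(PI, forged, SIG))
```

Each verifier recomputes the combined digest from the half it holds in clear and the digest of the half it does not, so a changed order or changed payment data invalidates the same signature on both sides.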

When reprinting, please cite the original address: https://www.9cbs.com/read-75499.html
